DownloadRestrictions: Add the 4th enum value to policy template

Change-Id: Iedcc3720627552c022d8dcb167a724bd09bcfa02
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1823438Reviewed-by: Owen Min <zmin@chromium.org>
Reviewed-by: Marc-André Decoste <mad@chromium.org>
Commit-Queue: Kathryn Spiers <ksspiers@google.com>
Cr-Commit-Position: refs/heads/master@{#700440}

components/policy/resources/policy_templates.json

@@ -2978,7 +2978,7 @@
       'type': 'int-enum',
       'schema': {
         'type': 'integer',
-        'enum': [ 0, 1, 2, 3 ],
+        'enum': [ 0, 1, 2, 3, 4 ],
       },
       'items': [
         {
@@ -3001,6 +3001,11 @@
           'value': 3,
           'caption': '''Block all downloads''',
         },
+        {
+          'name': 'BlockMaliciousDownloads',
+          'value': 4,
+          'caption': '''Block malicious downloads''',
+        },
       ],
       'supported_on': ['chrome.*:61-', 'chrome_os:61-'],
       'features': {
@@ -3022,6 +3027,8 @@
 
       When the 'Block all downloads' option is chosen, all downloads are blocked.
 
+      When the 'Block malicious downloads' option is chosen, all downloads are allowed, except for those that Safe Browsing assesses to be malware with high confidence. Unlike with dangerous downloads, this does not take into account file type, but does take into account the host.
+
       When this policy is not set, (or the 'No special restrictions' option is chosen), the downloads will go through the usual security restrictions based on Safe Browsing analysis results.
 
       Note that these restrictions apply to downloads triggered from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to the save / download of the currently displayed page, nor does it apply to saving as PDF from the printing options.